How the UK can bridge a glaring cybersecurity talent gap

This is a contributed piece by Mark Weir, Regional Director – UK & Ireland at Fortinet

Findings from the 2015 PwC US State of Cybercrime Survey revealed that only 26 per cent of those surveyed feel they have the expertise to address the cyber risks associated with the implementation of new technologies. This means that 74 per cent of organisations don’t have the cybersecurity talent they need. Reports show the UK is among the worst affected countries globally, and experts fear Brexit may have a further negative impact on recruitment, as a result of a potential mass exodus of talent. What’s worse, the scope of the challenge is broad and growing as more and more organisations – both within the public and the private sectors – digitise their networks, adopt for more interactive applications, and move services online.

In response to the talent shortfall, the private sector is offering allurements such as stock options and larger pay checks. Public organisations, on the other hand, are trying to attract security talent by focusing on purpose, control, influence, and challenges. Its market is always broader, with more interdisciplinary opportunities and applications, and its societal influence is longer-lasting. Many people derive greater satisfaction and fulfilment from a public career than from one in private industry. However, finding the elusive talent to overcome present cyber security challenges is only part of the solution.

Most organisations are up to speed on tried and true breach methods. But what about the attacks they do not yet know about? If the method is unknown, then so is the required response. The talent shortfall, therefore, is about much more than just a limited technical pool. It’s about putting in place integrated, synchronised and automated security measures, which will help organisations protect themselves from cyber threats – a functionality that most networks, public sector or not, currently lack.

The roots of today’s technology and talent shortfall

Cybersecurity has taken centre stage because of the risks related to increasing connectivity, and because organisations continue to encounter the dangerous unknowns of cybersecurity. Nevertheless, historically most organisations have focused first on ease of connectivity, and then on security, not considering that unprotected data is unreliable and dangerous, while security without data is an empty bank vault, impressive but without function or purpose. Instead, the ultimate goal should be to coordinate and scale connectivity and security equally and simultaneously. In practice, this means organisations need to embrace integrated security, as defective, altered, manipulated, compromised, or breached data nullifies the benefits of connectivity.

Achieving this change in organisational mind-sets will require a growing security talent pool and a broader definition of the talents required for that pool. Fortunately, the UK is working to develop that talent through initiatives including the increase of spending on cyber security to £1.9bn ($2.4bn) by 2020, and the opening of a National Cyber Security Centre and Institute for Coding. However, much work remains to be done.

It’s not just about technology

Today, most organisations are responsible for a variety of interconnected systems, valuable data, and critical infrastructures. Technology alone cannot protect their systems. Each one can benefit from having a more robust cybersecurity workforce, capable of planning for and protecting them against both known and unknown threats.

Solving the cybersecurity skills gap problem effectively requires enlisting security professionals with a specific set of skills. Their expertise should cover these four key areas:

Knowledge is power: The UK government is taking steps to establish an ecosystem of cybersecurity education, training and workforce development across the public and private sectors. Initiatives include creating the UK’s first cyber security Innovation Centre, and launching a Cyber Innovation Fund to develop new technologies and fund training and support for cyber start-ups and academics to help them commercialise cutting edge research and attract investment from the private sector. Keeping up to date with new plans will give you a leg up on the competition.

Know the basics: Cybersecurity experts should know about the latest technologies and forms of attack. They should also have a basic understanding of how IT messaging works – how programmes exchange messages, and what data or information they include.

Understanding people: Understanding how technology works is a definite requirement for IT. But it is just as important to have an understanding of the people using that technology, as this will provide a better foundation for preventing breaches such as email phishing attacks from infiltrating networks.

Applying lessons learned: From banking to health care to tax information, there is a range of information stored online which is at risk of being compromised or even held hostage. Cybersecurity professionals must be able take key principles learned from both known technical weaknesses and the mind-set of the cybercriminal and apply them to future, unknown threats so they can be better anticipated, mitigated earlier, or blocked altogether.

It may be easier said than done for public and private organisations to bridge the cybersecurity talent gap – but it is not impossible. The first step is to build up and reinforce the UK’s cybersecurity talent pool. One way to do this is by creating programmes and public/private partnerships to actively recruit more individuals into the cybersecurity field from universities and the armed forces. The next step is to ensure professionals’ knowledge toolbox includes the four key areas listed above, through constant education and retraining.

The sooner these initiatives are put into place, the faster organisations will have access to the talent they need to safeguard their critical data – and the better they will be able to prepare for known and unknown current and future threats.

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.